“The rapid development of technology, including cloud computing and mobile applications, creates new challenges, which have to be addressed to ensure that the fundamental rights of individuals are fully respected,” the supervisor said

When information is to be processed by cloud computing services, the EDPS may conduct prior checks to see if the data transfer complies with EU regulations.

“In this environment, clients’ data are often transferred to cloud providers’ servers and data centers located in various parts of the world. As there is no stable location for the data, the EDPS might have to verify that any adequate safeguards effectively comply” with EU regulation, it said.

This might be the case if the processing operations are likely to present specific risks to the rights and freedoms of the person whose personal data are collected, held or processed, it said. However, this might only apply in specific situations to be defined in subsequent guidance, due to the complexity and sensitivity of the data.

The EDPS didn’t immediately respond to a request for comment on the report.